The long-awaited cybersecurity and FISMA reform bill introduced Thursday by the leaders of the Senate Homeland Security and Governmental Affairs Committee would create two cybersecurity directors - one in the White House and the other in the Department of Homeland Security - to lead the federal government's information security efforts.
The Protecting Cyberspace as a National Asset Act of 2010 - sponsored by Committee Chairman Joseph Lieberman, ranking Republican Susan Collins and Tom Carper - also would provide a framework for the president to authorize emergency measures to protect the mostly privately owned critical IT infrastructure - such as financial networks and utility grids - if a cyber attack is imminent. Owners of these critical IT systems could face civil penalties if they don't follow regulations to secure them properly. The bill provides for the government and industry to collaborate on defining regulations and situations when a cyber emergency could be declared.
The bill also would reform the Federal Information Security Management Act, the 8-year-old law that governs how federal agencies secure their IT systems, by replacing the paper-based compliance process with one that emphasizes continuous monitoring of computer systems and red-team assaults by "friendly hackers" to test vulnerabilities.
Creating two cybersecurity leaders appears to be a compromise between lawmakers who favored a strong White House cybersecurity adviser and Collins, the Maine Republican, who's been adamant that cybersecurity leadership should emanate from Homeland Security.
The Lieberman-Collins-Carper bill won praise from two key colleagues, Sens. Jay Rockefeller, D.-W.Va., and Olympia Snowe, R.-Maine, sponsors of their own cybersecurity legislation that the Senate Commerce, Science and Transportation Committee, which Rockefeller chairs, approved in March.
"The broad overlap between this measure and the Rockefeller-Snowe initiative further underscores the bipartisan consensus within the Congress to confront this urgent threat," Snowe said in a statement. "Our failure to implement effective policies and procedures to prevent unauthorized intrusion has proven extremely consequential, and I stand ready to work with my colleagues in the Senate to swiftly enact a 21st century national security policy that will protect and preserve American cyberspace."
Support from Rockefeller and Snowe could help propel congressional passage of cybersecurity legislation this year. Late last month, as part of a defense authorization bill, the House passed comprehensive cybersecurity and FISMA reform legislation.
According to a committee-provided summary of the Protecting Cyberspace Act, a White House Office of Cyberspace Policy, headed by a Senate-confirmed director, would advise the president on all cyber security matters. The director would lead and harmonize federal efforts to secure cyberspace and would develop a national strategy that incorporates all elements of cybersecurity policy, including military, law enforcement, intelligence, and diplomacy. The director would oversee all federal activities related to the national strategy to ensure efficiency and coordination. The director would report regularly to Congress in the interests of transparency and oversight.
However, much of the day-to-day authority in implementing government cybersecurity policy would be granted to a Senate-confirmed director of the National Center for Cybersecurity and Communications, or NCCC, who would report to the secretary of Homeland Security and to the president through the Office of Cyberspace Policy. The NCCC would also oversee the United States Emergency Response Team, or U.S.-CERT, and lead federal efforts to protect public and private sector cyber and communications networks.
The NCCC would work with the private sector to establish risk-based performance standards to enhance cybersecurity for the nation's most critical infrastructure. Owners and operators of critical infrastructure covered by the act would be permitted to choose the combination of security measures to meet the risk-based performance standards.